Internet of crap (encryption): IoT gear is generating easy-to-crack keys
Found on The Register on Monday, 16 December 2019
The team believes that the reason for this poor entropy is down to IoT devices. Because the embedded gear is often based on very low-power hardware, the devices are unable to properly generate random numbers.
The recommendation is that IoT hardware vendors step up their security efforts to improve the entropy of these devices and make sure that their hardware is able to properly set up secure connections.
"Using a single cloud-hosted virtual machine and a well-studied algorithm, over 1 in 200 certificates using these keys can be compromised in a matter of days."
Unless the companies behind IoT devices can be held financially responsible for damages caused by weaknesses of their devices, nothing will change.